SOC L3 / Threat Hunter

Job Requisition ID: 36260 

• CulturalFlex to observe your cultural and religious days of significance. 

• Rewards platform - your hard work won't go unnoticed at Deloitte.  

• Training and development - at Deloitte we believe in investing in our best assets, the people! 

About our team

Our Cyber Intelligence Centre (CIC) provides 24x7 cyber monitoring, threat intelligence, cyber analytics, threat hunting, cyber incident response, and other managed security services.  The Sydney CIC is part of a global network of over 30 Deloitte cyber intelligence centres globally. 

About the Role 

As a SOC L3 and Threat Hunting Specialist, you will be responsible for contributing to the delivery of our Managed Extended Detection and Response (MXDR) service offering to our clients, as well as supporting a team of passionate security analysts that underpin the service.  

You will act as a senior escalation point for our L1/2 team responding to security events & incidents, working with others in our L3 team - lead development of threat hunting hypotheses, and execution of proactive hunt activities for our MXDR service offering & leveraging a variety of toolsets and data sources, as well as supporting the cyber incident response team where necessary. 

You will drive continuous service improvement and look to identify/develop detection content across our technology stack as a hunt output where appropriate, leveraging threat intelligence and client requirements to steer such development, with the goal of ensuring our clients maintain a strong level of detection coverage. 

You will provide mentorship to the team, providing leadership and direction to analysts of all skill levels, and will act as a technical escalation point for our clients during high or critical incidents. 

We’re looking for someone with strong analytical skills and a sharp eye for detail, as well as someone who gets excited at the thought of getting their hands dirty. As such, the candidate will have a passion for cyber security and deep working knowledge of security operations at an enterprise level.  

Enough about us, let's talk about you

Successful applicants will have experience in as many of the areas below as possible, starting at the top of the list and working down in terms of priority: 

• An individual with excellent written and verbal communication skills. 

• An individual proactive about taking on new challenges, gaining new skills loves working collaboratively in a dynamic and rapidly growing team. 

• Minimum of 3 years’ experience in the security industry ideally with hands on experience in security operations, threat hunting, or incident response roles. 

• A strong understanding of threat hunting methodologies, security event investigation, incident management and SOC operating models. 

• Experience with Endpoint Detection and Response (EDR) solutions such as CrowdStrike or Microsoft Defender for Endpoint 

• Experience with SIEM and data lake platforms such as Splunk, Elasticsearch, Azure Sentinel, and Google Chronicle. 

• Maintains an awareness of current trending TTP’s, TA’s, and major industry events and can determine implications of this for an organisation.  

• Experience of using network tools to inspect/intercept traffic, and the ability to leverage tools such as Wireshark to perform deep packet analysis. 

• Strong knowledge of common protocols and their use within an enterprise network, and how such protocols are often abused. 

• Broad understanding of cyber-attack tactics, techniques and procedures, threat modelling and development of detection use cases mapped to MITRE ATT&CK.  

• Experience in the management of cyber incidents, from detection to resolution. 

• Experience in scripting language(s) (Bash, PowerShell, Python etc) a plus. 

• Appropriate professional certifications such as CISM, GCIH, GCIA, GNFA and vendor technology certifications like CCNA. 

• Technical experience in general information security best practices, TCP/IP networking and routing fundamentals, unix/linux system administration, network troubleshooting, intrusion detection/prevention. 

 Why Deloitte 

At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.   

We embrace diversity, equity and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion; so that our work environment is a safe space we can all belong.  

We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team, and personal commitments. 

We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.  

Next Steps 

Sound like the sort of role for you? Apply now, we’d love to hear from you! 

By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.